problem removing dialer - ias860.dll
Date: 09/26/06
(Computer Help) Keywords: security, virus, yahoo
I am running Windows XP home.
Ok, I don't know how I got this, but I can't remove it. I've virus scanned 3 times (I am up to date), used Spybot Search & Destroy (but it found nothing, even while updated), and used HijackThis to delete it, but every time I do, it just keeps coming back. The virus scanner (I use AVG) found some of the virus but it didn't remove it all, despite me scanning more than once.
I went to the registry and deleted all references to ias860.dll, and all its keys, but it seems to magically reappear on startup.
I also tried deleting the file, ias860.dll, but it won't let me. It's not in my process list and it only shows up in my startup list when I use Spybot's 'system startup' tool (msconfig doesn't show it.) It's not read-only .. I also rebooted in safe mode and tried to delete the file, it still wouldn't let me. Also in Spybot, there is a tool to remove BHOs. The BHO is there, it references a place in the registry. I tried to delete the key in Spybot, it removes it but it doesn't matter since it .. just keeps coming back.
I can use Spybot to delete the file, but it just keeps coming back. In Spybot, this is the startup info:
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-09-19 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-09-22 Includes\Cookies.sbi
2006-09-22 Includes\Dialer.sbi
2006-09-22 Includes\Hijackers.sbi
2006-09-22 Includes\Keyloggers.sbi
2006-09-22 Includes\Malware.sbi
2006-09-22 Includes\PUPS.sbi
2006-09-22 Includes\Revision.sbi
2006-09-22 Includes\Security.sbi
2006-09-22 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2006-09-22 Includes\Trojans.sbi
{F38205E3-247C-4B04-B2F3-846EDFAE0100} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: ias860.dll
Short name:
Date (created): 9/25/2006 11:11:32 PM
Date (last access): 9/26/2006 12:12:16 AM
Date (last write): 9/25/2006 11:11:32 PM
Filesize: 17787
Attributes: archive
MD5: B272C620DD9510B17BF6A42123008D5A
CRC32: 7960A010
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 369664
MD5: 32e0d24ead2a5c7ee7b6ad516eafe8ee
Located: HK_LM:Run, Tweak UI
command: RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 31744
MD5: 0fb22dd37c17f80ad71316049f725170
Located: HK_LM:Run, MSConfig (DISABLED)
command: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
file: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
size: 145408
MD5: 06b6d4e46d5cf01494325e556e0635b8
Located: HK_CU:Run, NoAds
command: "C:\Program Files\NoAds\NoAds.exe"
file: C:\Program Files\NoAds\NoAds.exe
size: 151552
MD5: f2c3f48a9348466cf8ffcfb1b4390873
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, ias860
command: ias860.dll
file: ias860.dll
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, SensLogn (DISABLED)
command: WlNotify.dll
file: WlNotify.dll
Logfile of HijackThis v1.99.1
Scan saved at 1:31:45 AM, on 9/26/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\Spybot Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: (no name) - {F38205E3-247C-4B04-B2F3-846EDFAE0100} - C:\WINDOWS\system32\ias860.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O20 - Winlogon Notify: ias860 - C:\WINDOWS\SYSTEM32\ias860.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
I also tried searching Yahoo for info on how to remove it, or any info at all, but I couldn't find any.
Can anyone help me? Thanks a lot. ;)
Source: http://community.livejournal.com/computer_help/691682.html
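The HijackThis log in the post lists ias860.dll under two different sections, O2 (BHO) and O20 (Winlogon Notify), with the path spelled in different case. The following is an added example, not part of the original post: a small parser that groups HijackThis "O" entries by the file they point to and reports files registered in more than one section. The sample lines are copied from the log above; the function names are illustrative.

```python
import re
from collections import defaultdict

# Sample input: "O" lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {F38205E3-247C-4B04-B2F3-846EDFAE0100} - C:\WINDOWS\system32\ias860.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O20 - Winlogon Notify: ias860 - C:\WINDOWS\SYSTEM32\ias860.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# "O<number> - <rest of entry>"
ENTRY = re.compile(r'^(O\d+) - (.+)$')
# Drive-letter path ending in .dll or .exe; spaces inside the path are allowed.
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)\b', re.IGNORECASE)


def autostart_points(log_text):
    """Map each referenced file (lower-cased path) to its section codes."""
    points = defaultdict(set)
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # header lines, running-process list, blanks
        path = PATH.search(entry.group(2))
        if path:
            # Windows paths are case-insensitive, so normalise before grouping.
            points[path.group(0).lower()].add(entry.group(1))
    return {p: sorted(codes) for p, codes in points.items()}


def multi_registered(log_text):
    """Files that are referenced from more than one autostart section."""
    return {p: c for p, c in autostart_points(log_text).items() if len(c) > 1}


if __name__ == "__main__":
    for path, codes in multi_registered(SAMPLE_LOG).items():
        print(path, "->", ", ".join(codes))
```
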